Skip to main content

AccessControlPausableFacet

Manage role pausing and unpausing within a diamond

Key Features
  • Enables temporary disabling of specific roles.
  • Integrates role pausing with the diamond proxy pattern.
  • Emits RolePaused and RoleUnpaused events for state tracking.
  • Reverts with AccessControlUnauthorizedAccount and AccessControlRolePaused custom errors.

Overview

This facet provides functionality to pause and unpause specific roles within a Compose diamond. It allows authorized administrators to temporarily disable role execution, enhancing control during critical operations. Calls are routed through the diamond proxy, integrating seamlessly with the diamond's access control and upgradeability.

Storage

AccessControlStorage

Definition
struct AccessControlStorage {
  mapping(address account => mapping(bytes32 role => bool hasRole)) hasRole;
  mapping(bytes32 role => bytes32 adminRole) adminRole;
}

AccessControlPausableStorage

Definition
struct AccessControlPausableStorage {
  mapping(bytes32 role => bool paused) pausedRoles;
}

State Variables

PropertyTypeDescription
ACCESS_CONTROL_STORAGE_POSITIONbytes32Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol"))
PAUSABLE_STORAGE_POSITIONbytes32Diamond storage slot position for this module (Value: keccak256("compose.accesscontrol.pausable"))

Functions

isRolePaused

Returns if a role is paused.

function isRolePaused(bytes32 _role) external view returns (bool);

Parameters:

PropertyTypeDescription
_rolebytes32The role to check.

Returns:

PropertyTypeDescription
-boolTrue if the role is paused, false otherwise.

pauseRole

Temporarily disables a role, preventing all accounts from using it. Only the admin of the role can pause it. Emits a RolePaused event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function pauseRole(bytes32 _role) external;

Parameters:

PropertyTypeDescription
_rolebytes32The role to pause.

unpauseRole

Re-enables a role that was previously paused. Only the admin of the role can unpause it. Emits a RoleUnpaused event. Reverts with AccessControlUnauthorizedAccount If the caller is not the admin of the role.

function unpauseRole(bytes32 _role) external;

Parameters:

PropertyTypeDescription
_rolebytes32The role to unpause.

requireRoleNotPaused

Checks if an account has a role and if the role is not paused. - Reverts with AccessControlUnauthorizedAccount If the account does not have the role. - Reverts with AccessControlRolePaused If the role is paused.

function requireRoleNotPaused(bytes32 _role, address _account) external view;

Parameters:

PropertyTypeDescription
_rolebytes32The role to check.
_accountaddressThe account to check the role for.

Events

Errors

Best Practices

Best Practice
  • Initialize roles and their pause status during diamond deployment.
  • Ensure only authorized administrators can call pauseRole and unpauseRole.
  • Utilize requireRoleNotPaused to enforce pause state before executing role-dependent logic.

Security Considerations

Security

The pauseRole and unpauseRole functions are restricted to role administrators, preventing unauthorized pausing or unpausing. The requireRoleNotPaused function ensures that calls are only permitted when the specified role is not paused, mitigating risks associated with executing functions during critical periods. Input validation is handled by custom errors.

Was this helpful?
Last updated:
This site is powered by Netlify